Cyber News Rundown: Foxconn production plant in Mexico suffered LockBit attack
A Mexico based Foxconn plant suffered a May ransomware attack carried out by LockBit and are only now slowly returning to full production. In other cybersecurity news, the BlackCat ransomware group took their pages off the dark web and are now posting stolen information to the public web.
African supermarket chain suffers RansomHouse attack
One of the largest supermarket chains in Africa, Shoprite, has fallen victim to a ransomware attack by the RansomHouse group. RansomHouse is notorious for posting stolen data for sale but will just as easily publish the stolen data to their leak site if the victims or buyers show no interest in paying. It is still unclear if Shoprite is dealing with encryption or any other disruptions in their normal operations, as the RansomHouse group claim they do not employ encryption in their attacks, focusing instead on data theft and subsequent extortion.
BeanVPN exposes millions of user records
Researchers have discovered a database containing nearly 20GB of sensitive user records that belong to BeanVPN. While the company claims to not store any user logs or other identifying information, the now-secured database would appear to disprove those claims and leaves users vulnerable to attackers who may have also accessed the database. With the recent rise in VPN use over the past few years, picking a secure service can be difficult when faced with an ever-increasing number of providers and can leave customers questioning how that service will use and secure their data.
LockBit ransomware brings production to a halt at electronics plant
Following a cyberattack at the end of May, officials at the Mexican production plant for Foxconn electronics confirmed that they suffered a ransomware attack by the LockBit group. Though the deadline for the ransom payment has already passed, it is unclear if Foxconn paid an undisclosed amount to restore their systems or chose to use backups, but they do appear to be slowly returning to normal operations. This also happens to be the second ransomware attack that Foxconn has faced, after the 2020 DoppelPaymer attack on a different production facility.
Kaiser Permanente informs patients of data breach
More than 70,000 patients of Kaiser Permanente have been contacted about a recent data breach that may have compromised their protected health information. The incident itself occurred on April 5, with staff noticing unauthorized access to some of their sensitive internal systems via an employee’s email. Officials quickly worked to remove the malicious actor from their network and reset the compromised credentials that were used in the attack.
BlackCat ransomware now posting stolen data to public Internet
The BlackCat ransomware group has taken their leak site off the dark web and made it into a publicly accessible site where normal users can browse stolen data on the group’s victims. This is a notable change in tactics, as this data is normally only accessible to those using a Tor browser or searching through a dark web forum with multiple layers of anonymity. It is still questionable if this new method of data leaking will be more of an enticement to pay ransoms than victims currently have.